Microsoft has released its security updates for April 2024. This month, a few vulnerabilities may affect Always On VPN administrators. Specifically, three updates address issues with the Windows Server Routing and Remote Access Service (RRAS). In addition, vulnerabilities in the Remote Access Connection Manager (RasMan) service affect both VPN servers and clients.
RRAS
Windows Server Routing and Remote Access (RRAS) has three security updates available this month. All three address Remote Code Execution (RCE) vulnerabilities that require user interaction to exploit. All three updates are rated as Important.
RasMan
In addition to the vulnerabilities in RRAS, Microsoft announced numerous updates for vulnerabilities discovered in the Remote Access Connection Manager (RasMan) service. These vulnerabilities are related to information disclosure via buffer overruns. These updates affect both Windows RRAS servers and Windows Always On VPN clients. All updates are rated as Important.
Recommendations
While none of these vulnerabilities are critical, Always On VPN administrators are urged to update their affected systems soon.
Beau McMahon
/ April 18, 2024
Seems this update breaks our Machine Tunnel connections (IKEv2) if they have EKU filtering enabled. Removing the EKU filtering on the workstations resolves the problem. (OR uninstalling the update)
Richard M. Hicks
/ April 18, 2024
I have another customer reporting the same issue. I’m testing now but unable to reproduce the issue. I’ll keep testing and post additional information if I learn more.
Chris
/ May 20, 2024
We also have reports that Device Tunnel is broken and also using EKU filtering.
Richard M. Hicks
/ May 21, 2024
The issue described in this post has been resolved in the May 2024 update. If you apply the latest update, it should resolve this issue.